package com.hddf.project.auth.interceptor;

import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.struts2.ServletActionContext;

import com.hddf.project.auth.json_util.JsonProvider;
import com.hddf.project.auth.pojos.User;
import com.hddf.project.auth.service.CookieService;
import com.hddf.project.auth.service.MongoDB_Query;
import com.hddf.project.auth.service.WebLoginService;
import com.mongodb.DBObject;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;


	
	public class AuthInterceptor extends AbstractInterceptor {  
		  
		private static final long serialVersionUID = -6014472578596723868L;

		@Override  
	    public  String intercept(ActionInvocation invocation) throws Exception { 
	        // 取得请求相关的ActionContext实例  
	        ActionContext ctx = invocation.getInvocationContext();  
	        HttpServletRequest request = null;
	        HttpServletResponse response = null;
	        request = (HttpServletRequest) invocation.getInvocationContext().get(ServletActionContext.HTTP_REQUEST);
	        response = (HttpServletResponse) invocation.getInvocationContext().get(ServletActionContext.HTTP_RESPONSE);
	        System.out.println("+++++auth  log =========+++++++");
	        CookieService cs = CookieService.getInstance();
	        WebLoginService wls = WebLoginService.getInstance();
	        MongoDB_Query mq = MongoDB_Query.getInstance();
	        Map<String,Object> m = null;
	        String auth = "";
	        User u = null;
			Cookie ctoken = cs.getCookieByName(request, "to");
			Cookie ctime = cs.getCookieByName(request, "ti");
			boolean b = (null!=ctime && !"".equals(ctime.getValue()));
			boolean b2 = (null!=ctoken  && !"".equals(ctoken.getValue()));
	        if(b && b2){
	        	String web_token = ctoken.getValue();
				String web_time = ctime.getValue();
				m = wls.checkWebToken(web_token,web_time);
				String str = (String)m.get("msg");
				if(!"".equals(str)){
					auth = "error";
					m.put("auth", auth);
					//request.setAttribute("result", JsonProvider.getCommonJson(m));
					//return "simpleResult";
					return "login";
					//response.sendRedirect("/login.html");
					//return null;
				}else{
					auth = "ok";
					m.put("auth", auth);
					request.setAttribute("user", m);
					String webtoken = (String)m.get("web_token");
					cs.addCookie(response, "to",webtoken , 0);
					//检验权限
					String uri = request.getRequestURI();
					System.out.println(uri);
					String[] arr = uri.split("/");
					uri = arr[arr.length-1];
					System.out.println(uri);
					u = (User)m.get("u");
					String permission = u.getPermission();
					boolean rs = false; 
					if("all".equals(permission)){
						rs = true;
					}else{
						List<DBObject> list = mq.getAuthByUser(u.getPermission());
						for(int i=0;i<list.size();i++){
							rs = list.get(i).get("url").toString().contains(uri);
							if(rs)
								break;
						}
					}
					//检验权限
					if(rs){
						request.setAttribute("uri",uri);
						return invocation.invoke();
					}
					return "no_permission";
					
				}
	        }else{
	        	m = new HashMap();
	        	m.put("auth", "error");
	        	m.put("msg", "没有令牌,请登录");
				request.setAttribute("result", JsonProvider.getCommonJson(m));
				//return "simpleResult";
				return "login";
	        }
	  
	    }
	}


